RuspoliMet Deploys DAMASK System to Secure Industrial Data Infrastructure
At the NEDRA 4.0 congress in St. Petersburg, representatives of the metallurgical company RuspoliMet described a new approach to protecting industrial data and analytics systems. The company has become the first in Russia to deploy the DAMASK software and hardware platform designed to safeguard sensitive information in critical infrastructure.
The DAMASK system preserves the functionality of analytical tools while protecting sensitive datasets, simplifies certification procedures required by the federal regulator FSTEK and minimizes the damage that could result from data leaks. At the same time, it allows enterprises to safely use Russian cloud services for industrial analytics and data processing.
Strengthening Industrial Data Security
DAMASK helps secure both conventional IT infrastructure and the full set of industrial data stored in cloud environments, significantly reducing the risk of confidential information leaks. Traditionally, cybersecurity efforts focused primarily on protecting servers and access controls. Today, however, companies increasingly recognize that the most valuable asset requiring protection is the data itself.
RuspoliMet demonstrated a practical model for safeguarding high-value industrial and commercial information, an issue of particular importance for sectors such as metallurgy and mining where production data can represent a strategic competitive advantage.
Deploying DAMASK also stimulates the development of specialized solutions designed to protect Kriticheskaya Informatsionnaya Infrastruktura (Critical Information Infrastructure, KII). The reliability of such systems increases trust in cloud services and lowers barriers for enterprises that are transitioning toward modern digital technologies.
Industrial Digital Transformation and Cloud Security
The data protection approaches implemented by RuspoliMet could eventually be adopted by other large industrial companies, particularly in energy, chemical manufacturing and transportation. Within the next two to four years, similar methods could become the standard security architecture for Russian industrial facilities moving to domestic IT platforms and cloud infrastructures.
Although geopolitical factors currently limit the export of certain technologies, Russian industrial cybersecurity solutions could attract interest in markets across the CIS, Latin America and Asia, where demand for resilient digital infrastructure is growing rapidly.
Implementing platforms such as DAMASK also helps enterprises accelerate government certification of IT processes. This is critical for large industrial operators that must comply with Russian legislation governing the protection of critical infrastructure. Technologies of this type may significantly accelerate enterprise digital transformation programs being implemented across Russia’s regions.
Building Industrial Cybersecurity Ecosystems
Between 2021 and 2023, companies in the metallurgical sector actively introduced artificial intelligence technologies to optimize industrial processes. According to data from the consulting firm Yakov i Partnery (Yakov and Partners), by 2024 more than 80 percent of Russian mining and metallurgical companies were already using neural network technologies in production operations, while more than 50 percent applied them in research and development. For example, Norilsk Nickel introduced a digital technologist twin designed to monitor the performance of flotation machines.
Industrial companies are also moving toward cloud and hybrid IT environments as digitalization increases demand for flexible infrastructure. EVRAZ, for example, migrated its unified production metrics system to the cloud. The platform functions as a corporate data warehouse that collects, updates and analyzes a wide range of operational indicators, including production volumes and product quality metrics.
Since 2022, Russia has introduced additional regulatory requirements for protecting critical infrastructure. These include mandatory use of domestic technology solutions and stronger coordination between government authorities and KII operators. A revised version of Federal Law No. 187-FZ took effect on September 1, 2025, clarifying the categories of entities classified as KII operators. Beginning March 1, 2026, Order No. 117 issued by FSTEK on April 11, 2025 will introduce quantitative metrics for assessing information security protection levels.
Large metallurgical companies are also building dedicated digital platforms to secure industrial data. Ural Steel, in partnership with the Russian software developer RED SOFT, launched an IT laboratory at the National University of Science and Technology MISIS. The laboratory includes 30 workstations built on a Russian software ecosystem and supports training with domestic operating systems, virtualization platforms, database management tools and centralized administration systems.
Investment Growth and Technology Sovereignty
The RuspoliMet case illustrates that data protection has become a strategic component of enterprise management rather than merely a technical task. Industrial companies are rapidly moving toward digital and cloud-based platforms, and the ability to reliably protect information is increasingly viewed as a marker of technological maturity. In the future, comprehensive cybersecurity systems may become a standard requirement across the entire mining and metallurgical sector.
Experts expect investments in industrial cybersecurity systems to grow over the next three years. New unified regulations for protecting data in critical infrastructure facilities are also likely to emerge. At the same time, enterprises will increasingly rely on cloud technologies that incorporate stricter security requirements. Solutions similar to DAMASK are expected to become a key component of Russia’s broader import-substitution strategy in the IT sector.
